Genesis
Monthly
SQL Server credentials are displayed in cleartext within the Hyper Historian Splitter GUI across multiple Mitsubishi Electric SCADA/HMI platforms (GENESIS64, ICONICS Suite, MC Works64, and related products), allowing local authenticated attackers with low privileges to capture database credentials and subsequently gain unauthorized access to backend SQL Servers. This affects versions 10.97.3 and prior for most products and all versions of MC Works64. No active exploitation confirmed (not in CISA KEV), though CISA has issued ICS advisory ICSA-26-097-01. With a CVSS 9.3 (Critical) score reflecting high confidentiality, integrity, and availability impact on both vulnerable and subsequent systems, the risk centers on credential theft enabling downstream SQL Server compromise.
Plaintext SQL Server credential storage in Mitsubishi Electric SCADA/HMI products allows local authenticated attackers with low-complexity exploitation to extract database credentials from SQLite cache files, enabling subsequent unauthorized SQL Server access for data manipulation and denial-of-service attacks. Affects multiple product lines including GENESIS64 ≤10.97.3, ICONICS Suite ≤10.97.3, and all MC Works64 versions when local SQLite caching is enabled with SQL authentication. CVSS 9.3 severity reflects extensive downstream impact potential (confidentiality, integrity, availability across both vulnerable system and connected SQL Server). No evidence of active exploitation (not in CISA KEV), but EPSS data unavailable and attack complexity rated low with only local authenticated access required.
SQL Server credentials are displayed in cleartext within the Hyper Historian Splitter GUI across multiple Mitsubishi Electric SCADA/HMI platforms (GENESIS64, ICONICS Suite, MC Works64, and related products), allowing local authenticated attackers with low privileges to capture database credentials and subsequently gain unauthorized access to backend SQL Servers. This affects versions 10.97.3 and prior for most products and all versions of MC Works64. No active exploitation confirmed (not in CISA KEV), though CISA has issued ICS advisory ICSA-26-097-01. With a CVSS 9.3 (Critical) score reflecting high confidentiality, integrity, and availability impact on both vulnerable and subsequent systems, the risk centers on credential theft enabling downstream SQL Server compromise.
Plaintext SQL Server credential storage in Mitsubishi Electric SCADA/HMI products allows local authenticated attackers with low-complexity exploitation to extract database credentials from SQLite cache files, enabling subsequent unauthorized SQL Server access for data manipulation and denial-of-service attacks. Affects multiple product lines including GENESIS64 ≤10.97.3, ICONICS Suite ≤10.97.3, and all MC Works64 versions when local SQLite caching is enabled with SQL authentication. CVSS 9.3 severity reflects extensive downstream impact potential (confidentiality, integrity, availability across both vulnerable system and connected SQL Server). No evidence of active exploitation (not in CISA KEV), but EPSS data unavailable and attack complexity rated low with only local authenticated access required.